Notes on problems and solutions found while developing and goofing around, only technical and science stuff, no commercial pitchs, preaching or thought-leader crap, just hands-on stuff.

Wednesday, 3 December 2014

Fix Shellshock on non LTS/deprecated Unix distros

Plenty of things have been said about Shellshock vulnerability and solutions, most of them consisting of upgrading the bash module for LTS distros, but lately as I have dusted my ALIX board based on Voyage 0.9.0 distribution, I found this was not an option: even after upgrading and downloading the bash packet from the dist pool, there were requirements missing to upgrade/install bash from the packet manager. This was my current bash version:

I found a fix at ShellShocker and it was as easy as running the snippet below (although I would not recommend executing remote scripts, it is not a good practice), but if you are curious about what it does, or you want to run this yourself, the sources are also listed below.

curl https://shellshocker.net/fixbash | sh

After running the script the bash has been patched and the shellshock test now ommits the "busted" line.